php输入post过滤函数,入库出库,显示
第一部分 php输入post过滤函数
function GLOBAL_POST($str)
{
$str_origin=$str;
if (empty($str)) return false;
$str = str_replace( '/', "", $str);//替换关键词
$str = str_replace("\\", "", $str);
$str = str_replace(">", "", $str);
$str = str_replace("<", "", $str);
$str = str_replace("<SCRIPT>", "", $str);
$str = str_replace("</SCRIPT>", "", $str);
$str = str_replace("<script>", "", $str);
$str = str_replace("</script>", "", $str);
$str=str_replace("select","select",$str);
$str=str_replace("join","join",$str);
$str=str_replace("union","union",$str);
$str=str_replace("where","where",$str);
$str=str_replace("insert","insert",$str);
$str=str_replace("delete","delete",$str);
$str=str_replace("update","update",$str);
$str=str_replace("like","like",$str);
$str=str_replace("drop","drop",$str);
$str=str_replace("create","create",$str);
$str=str_replace("modify","modify",$str);
$str=str_replace("rename","rename",$str);
$str=str_replace("alter","alter",$str);
$str=str_replace("cas","cast",$str);
$str=str_replace("&","&",$str);
$str=str_replace(">",">",$str);
$str=str_replace("<","<",$str);
$str=str_replace(" ","",$str);
$str=str_replace(" ","",$str);
$str=str_replace(" ","",$str);
$str=str_replace("&","",$str);
$str=str_replace("'","",$str);
$str=str_replace("<br />",chr(13),$str);
$str=str_replace("''","'",$str);
$str=str_replace("css","'",$str);
$str=str_replace("CSS","'",$str);
$str=str_replace(";","",$str);
$str=str_replace("-","",$str);
$str=str_replace("*","",$str);
$str=str_replace("!","",$str);
$str=str_replace("$","",$str);
$str=str_replace("=","",$str);
$str=str_replace("+","",$str);
$str=str_replace("%","",$str);
$str = htmlspecialchars($str);//把预定义的字符 "<" (小于)和 ">" (大于)转换为 HTML 实体:
$str = strip_tags($str);//strip_tags() 函数剥去字符串中的 HTML、XML 以及 PHP 的标签。
if($str_origin==$str){
return $str;
}else{
return false;
}
}
这个函数过滤了大部分值(您可错杀不放过)
不可用于code部分的输入。
仅仅用于用户名等注册内容。
其中一个空格是全角空格,dz不识别,程序自取
第二部分:入库出库显示
本文实例讲述了PHP数据的提交与过滤基本操作。分享给大家供大家参考,具体如下:
1、php提交数据过滤的基本原则
1)提交变量进数据库时,我们必须使用addslashes()进行过滤,像我们的注入问题,一个addslashes()也就搞定了。其实在涉及到变量取值时,intval()函数对字符串的过滤也是个不错的选择。
2)在php.ini中开启magic_quotes_gpc和magic_quotes_runtime。magic_quotes_gpc可以把get,post,cookie里的引号变为斜杠。
magic_quotes_runtime对于进出数据库的数据可以起到格式话的作用。其实,早在以前注入很疯狂时,这个参数就很流行了。
3)在使用系统函数时,必须使用escapeshellarg(),escapeshellcmd()参数去过滤,这样你也就可以放心的使用系统函数。
4)对于跨站,strip_tags(),htmlspecialchars()两个参数都不错,对于用户提交的的带有html和php的标记都将进行转换。比如尖括号"<"就将转化为 "<"这样无害的字符。
1 2 |
|
5)对于相关函数的过滤,就像先前的include(),unlink,fopen()等等,只要你把你所要执行操作的变量指定好或者对相关字符过滤严密,我想
这样也就无懈可击了。
2、PHP简单的数据过滤
1)入库: trim($str),addslashes($str)
2)出库: stripslashes($str)
3)显示: htmlspecialchars(nl2br($str))
<?php
/**
* global.func.php 公共函数库
*/
/**
* 返回经addslashes处理过的字符串或数组
* @param $string 需要处理的字符串或数组
* @return mixed
*/
function new_addslashes($string){
if(!is_array($string)) return addslashes($string);
foreach($string as $key => $val) $string[$key] = new_addslashes($val);
return $string;
}
/**
* 返回经stripslashes处理过的字符串或数组
* @param $string 需要处理的字符串或数组
* @return mixed
*/
function new_stripslashes($string) {
if(!is_array($string)) return stripslashes($string);
foreach($string as $key => $val) $string[$key] = new_stripslashes($val);
return $string;
}
/**
* 返回经htmlspecialchars处理过的字符串或数组
* @param $obj 需要处理的字符串或数组
* @return mixed
*/
function new_html_special_chars($string) {
$encoding = 'utf-8';
if(strtolower(CHARSET)=='gbk') $encoding = 'ISO-8859-15';
if(!is_array($string)) return htmlspecialchars($string,ENT_QUOTES,$encoding);
foreach($string as $key => $val) $string[$key] = new_html_special_chars($val);
return $string;
}
function new_html_entity_decode($string) {
$encoding = 'utf-8';
if(strtolower(CHARSET)=='gbk') $encoding = 'ISO-8859-15';
return html_entity_decode($string,ENT_QUOTES,$encoding);
}
function new_htmlentities($string) {
$encoding = 'utf-8';
if(strtolower(CHARSET)=='gbk') $encoding = 'ISO-8859-15';
return htmlentities($string,ENT_QUOTES,$encoding);
}
/**
* 安全过滤函数
*
* @param $string
* @return string
*/
function safe_replace($string) {
$string = str_replace('%20','',$string);
$string = str_replace('%27','',$string);
$string = str_replace('%2527','',$string);
$string = str_replace('*','',$string);
$string = str_replace('"','"',$string);
$string = str_replace("'",'',$string);
$string = str_replace('"','',$string);
$string = str_replace(';','',$string);
$string = str_replace('<','<',$string);
$string = str_replace('>','>',$string);
$string = str_replace("{",'',$string);
$string = str_replace('}','',$string);
$string = str_replace('\\','',$string);
return $string;
}
/**
* xss过滤函数
*
* @param $string
* @return string
*/
function remove_xss($string) {
$string = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]+/S', '', $string);
$parm1 = Array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');
$parm2 = Array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');
$parm = array_merge($parm1, $parm2);
for ($i = 0; $i < sizeof($parm); $i++) {
$pattern = '/';
for ($j = 0; $j < strlen($parm[$i]); $j++) {
if ($j > 0) {
$pattern .= '(';
$pattern .= '(&#[x|X]0([9][a][b]);?)?';
$pattern .= '|(�([9][10][13]);?)?';
$pattern .= ')?';
}
$pattern .= $parm[$i][$j];
}
$pattern .= '/i';
$string = preg_replace($pattern, ' ', $string);
}
return $string;
}
/**
* 过滤ASCII码从0-28的控制字符
* @return String
*/
function trim_unsafe_control_chars($str) {
$rule = '/[' . chr ( 1 ) . '-' . chr ( 8 ) . chr ( 11 ) . '-' . chr ( 12 ) . chr ( 14 ) . '-' . chr ( 31 ) . ']*/';
return str_replace ( chr ( 0 ), '', preg_replace ( $rule, '', $str ) );
}
/**
* 格式化文本域内容
*
* @param $string 文本域内容
* @return string
*/
function trim_textarea($string) {
$string = nl2br ( str_replace ( ' ', ' ', $string ) );
return $string;
}
/**
* 将文本格式成适合js输出的字符串
* @param string $string 需要处理的字符串
* @param intval $isjs 是否执行字符串格式化,默认为执行
* @return string 处理后的字符串
*/
function format_js($string, $isjs = 1) {
$string = addslashes(str_replace(array("\r", "\n", "\t"), array('', '', ''), $string));
return $isjs ? 'document.write("'.$string.'");' : $string;
}
/**
* 转义 javascript 代码标记
*
* @param $str
* @return mixed
*/
function trim_script($str) {
if(is_array($str)){
foreach ($str as $key => $val){
$str[$key] = trim_script($val);
}
}else{
$str = preg_replace ( '/\<([\/]?)script([^\>]*?)\>/si', '<\\1script\\2>', $str );
$str = preg_replace ( '/\<([\/]?)iframe([^\>]*?)\>/si', '<\\1iframe\\2>', $str );
$str = preg_replace ( '/\<([\/]?)frame([^\>]*?)\>/si', '<\\1frame\\2>', $str );
$str = str_replace ( 'javascript:', 'javascript:', $str );
}
return $str;
}
/**
* 获取当前页面完整URL地址
*/
function get_url() {
$sys_protocal = isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == '443' ? 'https://' : 'http://';
$php_self = $_SERVER['PHP_SELF'] ? safe_replace($_SERVER['PHP_SELF']) : safe_replace($_SERVER['SCRIPT_NAME']);
$path_info = isset($_SERVER['PATH_INFO']) ? safe_replace($_SERVER['PATH_INFO']) : '';
$relate_url = isset($_SERVER['REQUEST_URI']) ? safe_replace($_SERVER['REQUEST_URI']) : $php_self.(isset($_SERVER['QUERY_STRING']) ? '?'.safe_replace($_SERVER['QUERY_STRING']) : $path_info);
return $sys_protocal.(isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '').$relate_url;
}
/**
* 字符截取 支持UTF8/GBK
* @param $string
* @param $length
* @param $dot
*/
function str_cut($string, $length, $dot = '...') {
$strlen = strlen($string);
if($strlen <= $length) return $string;
$string = str_replace(array(' ',' ', '&', '"', ''', '“', '”', '—', '<', '>', '·', '…'), array('∵',' ', '&', '"', "'", '“', '”', '—', '<', '>', '·', '…'), $string);
$strcut = '';
if(strtolower(CHARSET) == 'utf-8') {
$length = intval($length-strlen($dot)-$length/3);
$n = $tn = $noc = 0;
while($n < strlen($string)) {
$t = ord($string[$n]);
if($t == 9 || $t == 10 || (32 <= $t && $t <= 126)) {
$tn = 1; $n++; $noc++;
} elseif(194 <= $t && $t <= 223) {
$tn = 2; $n += 2; $noc += 2;
} elseif(224 <= $t && $t <= 239) {
$tn = 3; $n += 3; $noc += 2;
} elseif(240 <= $t && $t <= 247) {
$tn = 4; $n += 4; $noc += 2;
} elseif(248 <= $t && $t <= 251) {
$tn = 5; $n += 5; $noc += 2;
} elseif($t == 252 || $t == 253) {
$tn = 6; $n += 6; $noc += 2;
} else {
$n++;
}
if($noc >= $length) {
break;
}
}
if($noc > $length) {
$n -= $tn;
}
$strcut = substr($string, 0, $n);
$strcut = str_replace(array('∵', '&', '"', "'", '“', '”', '—', '<', '>', '·', '…'), array(' ', '&', '"', ''', '“', '”', '—', '<', '>', '·', '…'), $strcut);
} else {
$dotlen = strlen($dot);
$maxi = $length - $dotlen - 1;
$current_str = '';
$search_arr = array('&',' ', '"', "'", '“', '”', '—', '<', '>', '·', '…','∵');
$replace_arr = array('&',' ', '"', ''', '“', '”', '—', '<', '>', '·', '…',' ');
$search_flip = array_flip($search_arr);
for ($i = 0; $i < $maxi; $i++) {
$current_str = ord($string[$i]) > 127 ? $string[$i].$string[++$i] : $string[$i];
if (in_array($current_str, $search_arr)) {
$key = $search_flip[$current_str];
$current_str = str_replace($search_arr[$key], $replace_arr[$key], $current_str);
}
$strcut .= $current_str;
}
}
return $strcut.$dot;
}
/**
* 获取请求ip
*
* @return ip地址
*/
function ip() {
if(getenv('HTTP_CLIENT_IP') && strcasecmp(getenv('HTTP_CLIENT_IP'), 'unknown')) {
$ip = getenv('HTTP_CLIENT_IP');
} elseif(getenv('HTTP_X_FORWARDED_FOR') && strcasecmp(getenv('HTTP_X_FORWARDED_FOR'), 'unknown')) {
$ip = getenv('HTTP_X_FORWARDED_FOR');
} elseif(getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')) {
$ip = getenv('REMOTE_ADDR');
} elseif(isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')) {
$ip = $_SERVER['REMOTE_ADDR'];
}
return preg_match ( '/[\d\.]{7,15}/', $ip, $matches ) ? $matches [0] : '';
}
function get_cost_time() {
$microtime = microtime ( TRUE );
return $microtime - SYS_START_TIME;
}
/**
* 程序执行时间
*
* @return int 单位ms
*/
function execute_time() {
$stime = explode ( ' ', SYS_START_TIME );
$etime = explode ( ' ', microtime () );
return number_format ( ($etime [1] + $etime [0] - $stime [1] - $stime [0]), 6 );
}
/**
* 将字符串转换为数组
*
* @param string $data 字符串
* @return array 返回数组格式,如果,data为空,则返回空数组
*/
function string2array($data) {
if($data == '') return array();
$data = stripslashes($data);
@eval("\$array = $data;");
return $array;
}
/**
* 将数组转换为字符串
*
* @param array $data 数组
* @param bool $isformdata 如果为0,则不使用new_stripslashes处理,可选参数,默认为1
* @return string 返回字符串,如果,data为空,则返回空
*/
function array2string($data, $isformdata = 1) {
if($data == '') return '';
if($isformdata) $data = new_stripslashes($data);
return addslashes(var_export($data, TRUE));
}
/**
* 转换字节数为其他单位
*
*
* @param string $filesize 字节大小
* @return string 返回大小
*/
function sizecount($filesize) {
if ($filesize >= 1073741824) {
$filesize = round($filesize / 1073741824 * 100) / 100 .' GB';
} elseif ($filesize >= 1048576) {
$filesize = round($filesize / 1048576 * 100) / 100 .' MB';
} elseif($filesize >= 1024) {
$filesize = round($filesize / 1024 * 100) / 100 . ' KB';
} else {
$filesize = $filesize.' Bytes';
}
return $filesize;
}
/**
* 字符串加密、解密函数
*
*
* @param string $txt 字符串
* @param string $operation ENCODE为加密,DECODE为解密,可选参数,默认为ENCODE,
* @param string $key 密钥:数字、字母、下划线
* @param string $expiry 过期时间
* @return string
*/
function sys_auth($string, $operation = 'ENCODE', $key = '', $expiry = 0) {
$key_length = 4;
$key = md5($key != '' ? $key : app_base::load_config('system', 'auth_key'));
$fixedkey = md5($key);
$egiskeys = md5(substr($fixedkey, 16, 16));
$runtokey = $key_length ? ($operation == 'ENCODE' ? substr(md5(microtime(true)), -$key_length) : substr($string, 0, $key_length)) : '';
$keys = md5(substr($runtokey, 0, 16) . substr($fixedkey, 0, 16) . substr($runtokey, 16) . substr($fixedkey, 16));
$string = $operation == 'ENCODE' ? sprintf('%010d', $expiry ? $expiry + time() : 0).substr(md5($string.$egiskeys), 0, 16) . $string : base64_decode(substr($string, $key_length));
$i = 0; $result = '';
$string_length = strlen($string);
for ($i = 0; $i < $string_length; $i++){
$result .= chr(ord($string{$i}) ^ ord($keys{$i % 32}));
}
if($operation == 'ENCODE') {
return $runtokey . str_replace('=', '', base64_encode($result));
} else {
if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26).$egiskeys), 0, 16)) {
return substr($result, 26);
} else {
return '';
}
}
}
/**
* 语言文件处理
*
* @param string $language 标示符
* @param array $pars 转义的数组,二维数组 ,'key1'=>'value1','key2'=>'value2',
* @param string $modules 多个模块之间用半角逗号隔开,如:member,guestbook
* @return string 语言字符
*/
function L($language = 'no_language',$pars = array(), $modules = '') {
static $LANG = array();
static $LANG_MODULES = array();
static $lang = '';
if(defined('IN_ADMIN')) {
$lang = SYS_STYLE ? SYS_STYLE : 'zh-cn';
} else {
$lang = app_base::load_config('system','lang');
}
if(!$LANG) {
require_once CODE_PATH.'languages'.DIRECTORY_SEPARATOR.$lang.DIRECTORY_SEPARATOR.'system.lang.php';
if(defined('IN_ADMIN')) require_once CODE_PATH.'languages'.DIRECTORY_SEPARATOR.$lang.DIRECTORY_SEPARATOR.'system_menu.lang.php';
if(file_exists(CODE_PATH.'languages'.DIRECTORY_SEPARATOR.$lang.DIRECTORY_SEPARATOR.ROUTE_M.'.lang.php')) require_once CODE_PATH.'languages'.DIRECTORY_SEPARATOR.$lang.DIRECTORY_SEPARATOR.ROUTE_M.'.lang.php';
}
if(!empty($modules)) {
$modules = explode(',',$modules);
foreach($modules AS $m) {
if(!isset($LANG_MODULES[$m])) require_once CODE_PATH.'languages'.DIRECTORY_SEPARATOR.$lang.DIRECTORY_SEPARATOR.$m.'.lang.php';
}
}
if(!array_key_exists($language,$LANG)) {
return $language;
} else {
$language = $LANG[$language];
if($pars) {
foreach($pars AS $_k=>$_v) {
$language = str_replace('{'.$_k.'}',$_v,$language);
}
}
return $language;
}
}
/**
* 模板调用
*
* @param $module
* @param $template
* @param $istag
* @return unknown_type
*/
function template($module = 'content', $template = 'index', $style = '') {
if(strpos($module, 'plugin/')!== false) {
$plugin = str_replace('plugin/', '', $module);
return p_template($plugin, $template,$style);
}
$module = str_replace('/', DIRECTORY_SEPARATOR, $module);
if(!empty($style) && preg_match('/([a-z0-9\-_]+)/is',$style)) {
} elseif (empty($style) && !defined('STYLE')) {
if(defined('SITEID')) {
$siteid = SITEID;
} else {
$siteid = param::get_cookie('siteid');
}
if (!$siteid) $siteid = 1;
$sitelist = getcache('sitelist','commons');
if(!empty($siteid)) {
$style = $sitelist[$siteid]['default_style'];
}
} elseif (empty($style) && defined('STYLE')) {
$style = STYLE;
} else {
$style = 'default';
}
if(!$style) $style = 'default';
$template_cache = app_base::load_sys_class('template_cache');
$compiledtplfile = ROOT_PATH.'caches'.DIRECTORY_SEPARATOR.'caches_template'.DIRECTORY_SEPARATOR.$style.DIRECTORY_SEPARATOR.$module.DIRECTORY_SEPARATOR.$template.'.php';
if(file_exists(CODE_PATH.'templates'.DIRECTORY_SEPARATOR.$style.DIRECTORY_SEPARATOR.$module.DIRECTORY_SEPARATOR.$template.'.html')) {
if(!file_exists($compiledtplfile) || (@filemtime(CODE_PATH.'templates'.DIRECTORY_SEPARATOR.$style.DIRECTORY_SEPARATOR.$module.DIRECTORY_SEPARATOR.$template.'.html') > @filemtime($compiledtplfile))) {
$template_cache->template_compile($module, $template, $style);
}
} else {
$compiledtplfile = ROOT_PATH.'caches'.DIRECTORY_SEPARATOR.'caches_template'.DIRECTORY_SEPARATOR.'default'.DIRECTORY_SEPARATOR.$module.DIRECTORY_SEPARATOR.$template.'.php';
if(!file_exists($compiledtplfile) || (file_exists(CODE_PATH.'templates'.DIRECTORY_SEPARATOR.'default'.DIRECTORY_SEPARATOR.$module.DIRECTORY_SEPARATOR.$template.'.html') && filemtime(CODE_PATH.'templates'.DIRECTORY_SEPARATOR.'default'.DIRECTORY_SEPARATOR.$module.DIRECTORY_SEPARATOR.$template.'.html') > filemtime($compiledtplfile))) {
$template_cache->template_compile($module, $template, 'default');
} elseif (!file_exists(CODE_PATH.'templates'.DIRECTORY_SEPARATOR.'default'.DIRECTORY_SEPARATOR.$module.DIRECTORY_SEPARATOR.$template.'.html')) {
showmessage('Template does not exist.'.DIRECTORY_SEPARATOR.$style.DIRECTORY_SEPARATOR.$module.DIRECTORY_SEPARATOR.$template.'.html');
}
}
return $compiledtplfile;
}
/**
* 输出自定义错误
*
* @param $errno 错误号
* @param $errstr 错误描述
* @param $errfile 报错文件地址
* @param $errline 错误行号
* @return string 错误提示
*/
function my_error_handler($errno, $errstr, $errfile, $errline) {
if($errno==8) return '';
$errfile = str_replace(ROOT_PATH,'',$errfile);
if(app_base::load_config('system','errorlog')) {
error_log('<?php exit;?>'.date('m-d H:i:s',SYS_TIME).' | '.$errno.' | '.str_pad($errstr,30).' | '.$errfile.' | '.$errline."\r\n", 3, CACHE_PATH.'error_log.php');
} else {
$str = '<div style="font-size:12px;text-align:left; border-bottom:1px solid #9cc9e0; border-right:1px solid #9cc9e0;padding:1px 4px;color:#000000;font-family:Arial, Helvetica,sans-serif;"><span>errorno:' . $errno . ',str:' . $errstr . ',file:<font color="blue">' . $errfile . '</font>,line' . $errline .'<br />Need Help?</span></div>';
echo $str;
}
}
/**
* 提示信息页面跳转,跳转地址如果传入数组,页面会提示多个地址供用户选择,默认跳转地址为数组的第一个值,时间为5秒。
* showmessage('登录成功', array('默认跳转地址'=>'http://www.baidu.com'));
* @param string $msg 提示信息
* @param mixed(string/array) $url_forward 跳转地址
* @param int $ms 跳转等待时间
*/
function showmessage($msg, $url_forward = 'goback', $ms = 1250, $dialog = '', $returnjs = '') {
if(defined('IN_ADMIN')) {
include(admin::admin_tpl('showmessage', 'admin'));
} else {
include(template('content', 'message'));
}
exit;
}
/**
* 查询字符是否存在于某字符串
*
* @param $haystack 字符串
* @param $needle 要查找的字符
* @return bool
*/
function str_exists($haystack, $needle)
{
return !(strpos($haystack, $needle) === FALSE);
}
/**
* 取得文件扩展
*
* @param $filename 文件名
* @return 扩展名
*/
function fileext($filename) {
return strtolower(trim(substr(strrchr($filename, '.'), 1, 10)));
}
/**
* 加载模板标签缓存
* @param string $name 缓存名
* @param integer $times 缓存时间
*/
function tpl_cache($name,$times = 0) {
$filepath = 'tpl_data';
$info = getcacheinfo($name, $filepath);
if (SYS_TIME - $info['filemtime'] >= $times) {
return false;
} else {
return getcache($name,$filepath);
}
}
/**
* 写入缓存,默认为文件缓存,不加载缓存配置。
* @param $name 缓存名称
* @param $data 缓存数据
* @param $filepath 数据路径(模块名称) caches/cache_$filepath/
* @param $type 缓存类型[file,memcache,apc]
* @param $config 配置名称
* @param $timeout 过期时间
*/
function setcache($name, $data, $filepath='', $type='file', $c AND ', $in_column = false) {
if($in_column && is_array($data)) {
$ids = '\''.implode('\',\'', $data).'\'';
$sql = "$in_column IN ($ids)";
return $sql;
} else {
if ($front == '') {
$front = ' AND ';
}
if(is_array($data) && count($data) > 0) {
$sql = '';
foreach ($data as $key => $val) {
$sql .= $sql ? " $front $key = '$val' " : " $key = '$val' ";
}
return $sql;
} else {
return $data;
}
}
}
/**
* 分页函数
*
* @param $num 信息总数
* @param $curr_page 当前分页
* @param $perpage 每页显示数
* @param $urlrule URL规则
* @param $array 需要传递的数组,用于增加额外的方法
* @return 分页
*/
function pages($num, $curr_page, $perpage = 20, $urlrule = '', $array = array(),$setpages = 10) {
if(defined('URLRULE') && $urlrule == '') {
$urlrule = URLRULE;
$array = $GLOBALS['URL_ARRAY'];
} elseif($urlrule == '') {
$urlrule = url_par('page={$page}');
}
$multipage = '';
if($num > $perpage) {
$page = $setpages+1;
$offset = ceil($setpages/2-1);
$pages = ceil($num / $perpage);
if (defined('IN_ADMIN') && !defined('PAGES')) define('PAGES', $pages);
$from = $curr_page - $offset;
$to = $curr_page + $offset;
$more = 0;
if($page >= $pages) {
$from = 2;
$to = $pages-1;
} else {
if($from <= 1) {
$to = $page-1;
$from = 2;
} elseif($to >= $pages) {
$from = $pages-($page-2);
$to = $pages-1;
}
$more = 1;
}
//$multipage .= '<a class="a1">'.$num.L('page_item').'</a>';
if($curr_page>0) {
$multipage .= ' <a href="'.pageurl($urlrule, $curr_page-1, $array).'" class="a1">'.L('previous').'</a>';
if($curr_page==1) {
$multipage .= ' <span>1</span>';
} elseif($curr_page>6 && $more) {
$multipage .= ' <a href="'.pageurl($urlrule, 1, $array).'">1</a>..';
} else {
$multipage .= ' <a href="'.pageurl($urlrule, 1, $array).'">1</a>';
}
}
for($i = $from; $i <= $to; $i++) {
if($i != $curr_page) {
$multipage .= ' <a href="'.pageurl($urlrule, $i, $array).'">'.$i.'</a>';
} else {
$multipage .= ' <span>'.$i.'</span>';
}
}
if($curr_page<$pages) {
if($curr_page<$pages-5 && $more) {
$multipage .= ' ..<a href="'.pageurl($urlrule, $pages, $array).'">'.$pages.'</a> <a href="'.pageurl($urlrule, $curr_page+1, $array).'" class="a1">'.L('next').'</a>';
} else {
$multipage .= ' <a href="'.pageurl($urlrule, $pages, $array).'">'.$pages.'</a> <a href="'.pageurl($urlrule, $curr_page+1, $array).'" class="a1">'.L('next').'</a>';
}
} elseif($curr_page==$pages) {
$multipage .= ' <span>'.$pages.'</span> <a href="'.pageurl($urlrule, $curr_page, $array).'" class="a1">'.L('next').'</a>';
} else {
$multipage .= ' <a href="'.pageurl($urlrule, $pages, $array).'">'.$pages.'</a> <a href="'.pageurl($urlrule, $curr_page+1, $array).'" class="a1">'.L('next').'</a>';
}
}
return $multipage;
}
function pages1($num, $curr_page, $perpage = 20, $urlrule = '', $array = array(),$setpages = 10) {
if(defined('URLRULE') && $urlrule == '') {
$urlrule = URLRULE;
$array = $GLOBALS['URL_ARRAY'];
} elseif($urlrule == '') {
$urlrule = url_par('page={$page}');
}
$multipage = '';
if($num > $perpage) {
$page = $setpages+1;
$offset = ceil($setpages/2-1);
$pages = ceil($num / $perpage);
if (defined('IN_ADMIN') && !defined('PAGES')) define('PAGES', $pages);
$from = $curr_page - $offset;
$to = $curr_page + $offset;
$more = 0;
if($page >= $pages) {
$from = 2;
$to = $pages-1;
} else {
if($from <= 1) {
$to = $page-1;
$from = 2;
} elseif($to >= $pages) {
$from = $pages-($page-2);
$to = $pages-1;
}
$more = 1;
}
//$multipage .= '<a class="a1">'.$num.L('page_item').'</a>';
if($curr_page>0) {
$multipage .= ' <a href="###" class="a1">'.L('previous').'</a>';
if($curr_page==1) {
$multipage .= ' <span>1</span>';
} elseif($curr_page>6 && $more) {
$multipage .= ' <a href="###" /a>..';
} else {
$multipage .= ' <a href="###" /a>';
}
}
for($i = $from; $i <= $to; $i++) {
if($i != $curr_page) {
$multipage .= ' <a href="###" /a>';
} else {
$multipage .= ' <span>'.$i.'</span>';
}
}
if($curr_page<$pages) {
if($curr_page<$pages-5 && $more) {
$multipage .= ' ..<a href="###" /a> <a href="###" class="a1">'.L('next').'</a>';
} else {
$multipage .= ' <a href="###" /a> <a href="###" class="a1">'.L('next').'</a>';
}
} elseif($curr_page==$pages) {
$multipage .= ' <span>'.$pages.'</span> <a href="###" class="a1">'.L('next').'</a>';
} else {
$multipage .= ' <a href="###" /a> <a href="###" class="a1">'.L('next').'</a>';
}
}
return $multipage;
}
function pages2($num, $curr_page, $pages, $urlrule = '', $array = array(),$setpages = 10) {
if(defined('URLRULE') && $urlrule == '') {
$urlrule = URLRULE;
$array = $GLOBALS['URL_ARRAY'];
} elseif($urlrule == '') {
$urlrule = url_par('page={$page}');
}
$multipage = '';
if($pages > 1) {
$page = $setpages+1;
$offset = ceil($setpages/2-1);
if (defined('IN_ADMIN') && !defined('PAGES')) define('PAGES', $pages);
$from = $curr_page - $offset;
$to = $curr_page + $offset;
$more = 0;
if($page >= $pages) {
$from = 2;
$to = $pages-1;
} else {
if($from <= 1) {
$to = $page-1;
$from = 2;
} elseif($to >= $pages) {
$from = $pages-($page-2);
$to = $pages-1;
}
$more = 1;
}
//$multipage .= '<a class="a1">'.$num.L('page_item').'</a>';
if($curr_page>0) {
$multipage .= ' <a href="###" class="a1">'.L('previous').'</a>';
if($curr_page==1) {
$multipage .= ' <span>1</span>';
} elseif($curr_page>6 && $more) {
$multipage .= ' <a href="###" /a>..';
} else {
$multipage .= ' <a href="###" /a>';
}
}
for($i = $from; $i <= $to; $i++) {
if($i != $curr_page) {
$multipage .= ' <a href="###" /a>';
} else {
$multipage .= ' <span>'.$i.'</span>';
}
}
if($curr_page<$pages) {
if($curr_page<$pages-5 && $more) {
$multipage .= ' ..<a href="###" /a> <a href="###" class="a1">'.L('next').'</a>';
} else {
$multipage .= ' <a href="###" /a> <a href="###" class="a1">'.L('next').'</a>';
}
} elseif($curr_page==$pages) {
$multipage .= ' <span>'.$pages.'</span> <a href="###" class="a1">'.L('next').'</a>';
} else {
$multipage .= ' <a href="###" /a> <a href="###" class="a1">'.L('next').'</a>';
}
}
return $multipage;
}
/**
* 返回分页路径
*
* @param $urlrule 分页规则
* @param $page 当前页
* @param $array 需要传递的数组,用于增加额外的方法
* @return 完整的URL路径
*/
function pageurl($urlrule, $page, $array = array()) {
if(strpos($urlrule, '~')) {
$urlrules = explode('~', $urlrule);
$urlrule = $page < 2 ? $urlrules[0] : $urlrules[1];
}
$findme = array('{$page}');
$replaceme = array($page);
if (is_array($array)) foreach ($array as $k=>$v) {
$findme[] = '{$'.$k.'}';
$replaceme[] = $v;
}
$url = str_replace($findme, $replaceme, $urlrule);
$url = str_replace(array('http://','//','~'), array('~','/','http://'), $url);
return $url;
}
/**
* URL路径解析,pages 函数的辅助函数
*
* @param $par 传入需要解析的变量 默认为,page={$page}
* @param $url URL地址
* @return URL
*/
function url_par($par, $url = '') {
if($url == '') $url = get_url();
$pos = strpos($url, '?');
if($pos === false) {
$url .= '?'.$par;
} else {
$querystring = substr(strstr($url, '?'), 1);
parse_str($querystring, $pars);
$query_array = array();
foreach($pars as $k=>$v) {
if($k != 'page') $query_array[$k] = $v;
}
$querystring = http_build_query($query_array).'&'.$par;
$url = substr($url, 0, $pos).'?'.$querystring;
}
return $url;
}
/**
* 判断email格式是否正确
* @param $email
*/
function is_email($email) {
return strlen($email) > 6 && preg_match("/^[\w\-\.]+@[\w\-\.]+(\.\w+)+$/", $email);
}
/**
* iconv 编辑转换
*/
if (!function_exists('iconv')) {
function iconv($in_charset, $out_charset, $str) {
$in_charset = strtoupper($in_charset);
$out_charset = strtoupper($out_charset);
if (function_exists('mb_convert_encoding')) {
return mb_convert_encoding($str, $out_charset, $in_charset);
} else {
app_base::load_sys_func('iconv');
$in_charset = strtoupper($in_charset);
$out_charset = strtoupper($out_charset);
if ($in_charset == 'UTF-8' && ($out_charset == 'GBK' || $out_charset == 'GB2312')) {
return utf8_to_gbk($str);
}
if (($in_charset == 'GBK' || $in_charset == 'GB2312') && $out_charset == 'UTF-8') {
return gbk_to_utf8($str);
}
return $str;
}
}
}
/**
* 代码广告展示函数
* @param intval $siteid 所属站点
* @param intval $id 广告ID
* @return 返回广告代码
*/
function show_ad($siteid, $id) {
$siteid = intval($siteid);
$id = intval($id);
if(!$id || !$siteid) return false;
$p = app_base::load_model('poster_model');
$r = $p->get_one(array('spaceid'=>$id, 'siteid'=>$siteid), 'disabled, setting', 'id ASC');
if ($r['disabled']) return '';
if ($r['setting']) {
$c = string2array($r['setting']);
} else {
$r['code'] = '';
}
return $c['code'];
}
/**
* 获取当前的站点ID
*/
function get_siteid() {
static $siteid;
if (!empty($siteid)) return $siteid;
if (defined('IN_ADMIN')) {
if ($d = param::get_cookie('siteid')) {
$siteid = $d;
} else {
return '';
}
} else {
$data = getcache('sitelist', 'commons');
if(!is_array($data)) return '1';
$site_url = SITE_PROTOCOL.SITE_URL;
foreach ($data as $v) {
if ($v['url'] == $site_url.'/') $siteid = $v['siteid'];
}
}
if (empty($siteid)) $siteid = 1;
return $siteid;
}
/**
* 获取用户昵称
* 不传入userid取当前用户nickname,如果nickname为空取username
* 传入field,取用户$field字段信息
*/
function get_nickname($userid='', $field='') {
$return = '';
if(is_numeric($userid)) {
$member_db = app_base::load_model('member_model');
$memberinfo = $member_db->get_one(array('userid'=>$userid));
if(!empty($field) && $field != 'nickname' && isset($memberinfo[$field]) &&!empty($memberinfo[$field])) {
$return = $memberinfo[$field];
} else {
$return = isset($memberinfo['nickname']) && !empty($memberinfo['nickname']) ? $memberinfo['nickname'].'('.$memberinfo['username'].')' : $memberinfo['username'];
}
} else {
if (param::get_cookie('_nickname')) {
$return .= '('.param::get_cookie('_nickname').')';
} else {
$return .= '('.param::get_cookie('_username').')';
}
}
return $return;
}
/**
* 获取用户信息
* 不传入$field返回用户所有信息,
* 传入field,取用户$field字段信息
*/
function get_memberinfo($userid, $field='') {
if(!is_numeric($userid)) {
return false;
} else {
static $memberinfo;
if (!isset($memberinfo[$userid])) {
$member_db = app_base::load_model('member_model');
$memberinfo[$userid] = $member_db->get_one(array('userid'=>$userid));
}
if(!empty($field) && !empty($memberinfo[$userid][$field])) {
return $memberinfo[$userid][$field];
} else {
return $memberinfo[$userid];
}
}
}
/**
* 通过 username 值,获取用户所有信息
* 获取用户信息
* 不传入$field返回用户所有信息,
* 传入field,取用户$field字段信息
*/
function get_memberinfo_buyusername($username, $field='') {
if(empty($username)){return false;}
static $memberinfo;
if (!isset($memberinfo[$username])) {
$member_db = app_base::load_model('member_model');
$memberinfo[$username] = $member_db->get_one(array('username'=>$username));
}
if(!empty($field) && !empty($memberinfo[$username][$field])) {
return $memberinfo[$username][$field];
} else {
return $memberinfo[$username];
}
}
/**
* 调用关联菜单
* @param $linkageid 联动菜单id
* @param $id 生成联动菜单的样式id
* @param $defaultvalue 默认值
*/
function menu_linkage($linkageid = 0, $id = 'linkid', $defaultvalue = 0, $defaultlabel = array()) {
$linkageid = intval($linkageid);
$datas = array();
$datas = getcache($linkageid,'linkage');
$infos = $datas['data'];
if($datas['style']=='1') {
$title = $datas['title'];
$container = 'content'.create_randomnum(100, 999).date('is');
if(!defined('DIALOG_INIT_1')) {
define('DIALOG_INIT_1', 1);
$string .= '<script type="text/javascript" src="'.JS_PATH.'dialog.js"></script>';
//TODO $string .= '<link href="'.CSS_PATH.'dialog.css" rel="stylesheet" type="text/css">';
}
if(!defined('LINKAGE_INIT_1')) {
define('LINKAGE_INIT_1', 1);
$string .= '<script type="text/javascript" src="'.JS_PATH.'linkage/js/pop.js"></script>';
}
$var_div = $defaultvalue && (ROUTE_A=='edit' || ROUTE_A=='account_manage_info' || ROUTE_A=='info_publish' || ROUTE_A=='orderinfo') ? menu_linkage_level($defaultvalue,$linkageid,$infos) : $datas['title'];
$var_input = $defaultvalue && (ROUTE_A=='edit' || ROUTE_A=='account_manage_info' || ROUTE_A=='info_publish') ? '<input type="hidden" name="info['.$id.']" value="'.$defaultvalue.'">' : '<input type="hidden" name="info['.$id.']" value="">';
$string .= '<div name="'.$id.'" value="" id="'.$id.'" class="ib">'.$var_div.'</div>'.$var_input.' <input type="button" name="btn_'.$id.'" class="button" value="'.L('linkage_select').'" > $string .= '<script type="text/javascript">';
$string .= 'var returnid_'.$id.'= \''.$id.'\';';
$string .= 'var returnkeyid_'.$id.' = \''.$linkageid.'\';';
$string .= 'var '.$container.' = new Array(';
foreach($infos AS $k=>$v) {
if($v['parentid'] == 0) {
$s[]='new Array(\''.$v['linkageid'].'\',\''.$v['name'].'\',\''.$v['parentid'].'\')';
} else {
continue;
}
}
$s = implode(',',$s);
$string .=$s;
$string .= ')';
$string .= '</script>';
} elseif($datas['style']=='2') {
if(!defined('LINKAGE_INIT_1')) {
define('LINKAGE_INIT_1', 1);
$string .= '<script type="text/javascript" src="'.JS_PATH.'linkage/js/jquery.ld.js"></script>';
}
$default_txt = '';
if($defaultvalue) {
$default_txt = menu_linkage_level($defaultvalue,$linkageid,$infos);
$default_txt = '["'.str_replace(' > ','","',$default_txt).'"]';
}
$string .= $defaultvalue && (ROUTE_A=='edit' || ROUTE_A=='account_manage_info' || ROUTE_A=='info_publish') ? '<input type="hidden" name="info['.$id.']" id="'.$id.'" value="'.$defaultvalue.'">' : '<input type="hidden" name="info['.$id.']" id="'.$id.'" value="">';
for($i=1;$i<=$datas['setting']['level'];$i++) {
$txt = isset($defaultlabel[$i]) ? $defaultlabel[$i] : '请选择';
$string .='<select class="pc-select-'.$id.'" name="'.$id.'-'.$i.'" id="'.$id.'-'.$i.'" width="100"><option value="">' . $txt . '</option></select> ';
}
$string .= '<script type="text/javascript">
$(function(){
var $ld5 = $(".pc-select-'.$id.'");
$ld5.ld({ajaxOptions : {"url" : "'.APP_PATH.'api.php?op=get_linkage&act=ajax_select&keyid='.$linkageid.'"},defaultParentId : 0,style : {"width" : 120}})
var ld5_api = $ld5.ld("api");
//ld5_api.selected('.$default_txt.');
$ld5.bind("change",onchange);
function onchange(e){
var $target = $(e.target);
var index = $ld5.index($target);
$("#'.$id.'-'.$i.'").remove();
$("#'.$id.'").val($ld5.eq(index).show().val());
index ++;
$ld5.eq(index).show(); }
})
</script>';
} else {
$title = $defaultvalue ? $infos[$defaultvalue]['name'] : $datas['title'];
$colObj = create_randomnum(100, 999).date('is');
$string = '';
if(!defined('LINKAGE_INIT')) {
define('LINKAGE_INIT', 1);
$string .= '<script type="text/javascript" src="'.JS_PATH.'linkage/js/mln.colselect.js"></script>';
if(defined('IN_ADMIN')) {
$string .= '<link href="'.JS_PATH.'linkage/style/admin.css" rel="stylesheet" type="text/css">';
} else {
$string .= '<link href="'.JS_PATH.'linkage/style/css.css" rel="stylesheet" type="text/css">';
}
}
$string .= '<input type="hidden" name="info['.$id.']" value="1"><div id="'.$id.'"></div>';
$string .= '<script type="text/javascript">';
$string .= 'var colObj'.$colObj.' = {"Items":[';
foreach($infos AS $k=>$v) {
$s .= '{"name":"'.$v['name'].'","topid":"'.$v['parentid'].'","colid":"'.$k.'","value":"'.$k.'","fun":function(){}},';
}
$string .= substr($s, 0, -1);
$string .= ']};';
$string .= '$("#'.$id.'").mlnColsel(colObj'.$colObj.',{';
$string .= 'title:"'.$title.'",';
$string .= 'value:"'.$defaultvalue.'",';
$string .= 'width:100';
$string .= '});';
$string .= '</script>';
}
return $string;
}
/**
* 联动菜单层级
*/
function menu_linkage_level($linkageid,$keyid,$infos,$result=array()) {
if(array_key_exists($linkageid,$infos)) {
$result[]=$infos[$linkageid]['name'];
return menu_linkage_level($infos[$linkageid]['parentid'],$keyid,$infos,$result);
}
krsort($result);
return implode(' > ',$result);
}
/**
* 通过catid获取显示菜单完整结构
* @param $menuid 菜单ID
* @param $cache_file 菜单缓存文件名称
* @param $cache_path 缓存文件目录
* @param $key 取得缓存值的键值名称
* @param $parentkey 父级的ID
* @param $linkstring 链接字符
*/
function menu_level($menuid, $cache_file, $cache_path = 'commons', $key = 'catname', $parentkey = 'parentid', $linkstring = ' > ', $result=array()) {
$menu_arr = getcache($cache_file, $cache_path);
if (array_key_exists($menuid, $menu_arr)) {
$result[] = $menu_arr[$menuid][$key];
return menu_level($menu_arr[$menuid][$parentkey], $cache_file, $cache_path, $key, $parentkey, $linkstring, $result);
}
krsort($result);
return implode($linkstring, $result);
}
/**
* 通过id获取显示联动菜单
* @param $linkageid 联动菜单ID
* @param $keyid 菜单keyid
* @param $space 菜单间隔符
* @param $tyoe 1 返回间隔符链接,完整路径名称 3 返回完整路径数组,2返回当前联动菜单名称,4 直接返回ID
* @param $result 递归使用字段1
* @param $infos 递归使用字段2
*/
function get_linkage($linkageid, $keyid, $space = '>', $type = 1, $result = array(), $infos = array()) {
if($space=='' || !isset($space))$space = '>';
if(!$infos) {
$datas = getcache($keyid,'linkage');
$infos = $datas['data'];
}
if($type == 1 || $type == 3 || $type == 4) {
if(array_key_exists($linkageid,$infos)) {
$result[]= ($type == 1) ? $infos[$linkageid]['name'] : (($type == 4) ? $linkageid :$infos[$linkageid]);
return get_linkage($infos[$linkageid]['parentid'], $keyid, $space, $type, $result, $infos);
} else {
if(count($result)>0) {
krsort($result);
if($type == 1 || $type == 4) $result = implode($space,$result);
return $result;
} else {
return $result;
}
}
} else {
return $infos[$linkageid]['name'];
}
}
/**
* IE浏览器判断
*/
function is_ie() {
$useragent = strtolower($_SERVER['HTTP_USER_AGENT']);
if((strpos($useragent, 'opera') !== false) || (strpos($useragent, 'konqueror') !== false)) return false;
if(strpos($useragent, 'msie ') !== false) return true;
return false;
}
/**
* 文件下载
* @param $filepath 文件路径
* @param $filename 文件名称
*/
function file_down($filepath, $filename = '') {
if(!$filename) $filename = basename($filepath);
if(is_ie()) $filename = rawurlencode($filename);
$filetype = fileext($filename);
$filesize = sprintf("%u", filesize($filepath));
if(ob_get_length() !== false) @ob_end_clean();
header('Pragma: public');
header('Last-Modified: '.gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: pre-check=0, post-check=0, max-age=0');
header('Content-Transfer-Encoding: binary');
header('Content-Encoding: none');
header('Content-type: '.$filetype);
header('Content-Disposition: attachment; filename="'.$filename.'"');
header('Content-length: '.$filesize);
readfile($filepath);
exit;
}
/**
* 判断字符串是否为utf8编码,英文和半角字符返回ture
* @param $string
* @return bool
*/
function is_utf8($string) {
return preg_match('%^(?:
[\x09\x0A\x0D\x20-\x7E] # ASCII
| [\xC2-\xDF][\x80-\xBF] # non-overlong 2-byte
| \xE0[\xA0-\xBF][\x80-\xBF] # excluding overlongs
| [\xE1-\xEC\xEE\xEF][\x80-\xBF]{2} # straight 3-byte
| \xED[\x80-\x9F][\x80-\xBF] # excluding surrogates
| \xF0[\x90-\xBF][\x80-\xBF]{2} # planes 1-3
| [\xF1-\xF3][\x80-\xBF]{3} # planes 4-15
| \xF4[\x80-\x8F][\x80-\xBF]{2} # plane 16
)*$%xs', $string);
}
/**
* 组装生成ID号
* @param $modules 模块名
* @param $contentid 内容ID
* @param $siteid 站点ID
*/
function id_encode($modules,$contentid, $siteid) {
return urlencode($modules.'-'.$contentid.'-'.$siteid);
}
/**
* 解析ID
* @param $id 评论ID
*/
function id_decode($id) {
return explode('-', $id);
}
/**
* 对用户的密码进行加密
* @param $password
* @param $encrypt //传入加密串,在修改密码时做认证
* @return array/password
*/
function password($password, $encrypt='') {
$pwd = array();
$pwd['encrypt'] = $encrypt ? $encrypt : create_randomstr();
$pwd['password'] = md5(md5(trim($password)).$pwd['encrypt']);
return $encrypt ? $pwd['password'] : $pwd;
}
/**
* 生成随机字符串
* @param string $lenth 长度
* @return string 字符串
*/
function create_randomstr($lenth = 6) {
//openssl_random_pseudo_bytes
$fp = @fopen('/dev/urandom','rb');
$pr_bits = '';
if ($fp !== FALSE) {
$pr_bits .= @fread($fp,$lenth/2);
@fclose($fp);
}
return bin2hex($pr_bits);
//return random($lenth, '123456789abcdefghijklmnpqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ');
}
/**
* 生成随机数
* @param string $lenth 长度
* @return string 字符串
*/
function create_randomnum($min,$max) {
//openssl_random_pseudo_bytes
$difference = $max-$min;
$bytesNeeded = ceil($difference/256);
$fp = @fopen('/dev/urandom','rb');
if ($fp !== FALSE) {
$randomBytes = @fread($fp,$bytesNeeded);
@fclose($fp);
}
$sum = 0;
for ($a = 0; $a < $bytesNeeded; $a++){
$sum += ord($randomBytes[$a]);
}
$sum = $sum % ($difference);
return $sum + $min;
//return random($lenth, '123456789abcdefghijklmnpqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ');
}
/**
* 检查密码长度是否符合规定
*
* @param STRING $password
* @return TRUE or FALSE
*/
function is_password($password) {
$strlen = strlen($password);
if($strlen >= 6 && $strlen <= 20) return true;
return false;
}
/**
* 检测输入中是否含有错误字符
*
* @param char $string 要检查的字符串名称
* @return TRUE or FALSE
*/
function is_badword($string) {
$badwords = array("\\",'&',' ',"'",'"','/','*',',','<','>',"\r","\t","\n","#");
foreach($badwords as $value){
if(strpos($string, $value) !== FALSE) {
return TRUE;
}
}
return FALSE;
}
/**
* 检查用户名是否符合规定
*
* @param STRING $username 要检查的用户名
* @return TRUE or FALSE
*/
function is_username($username) {
$strlen = strlen($username);
if(is_badword($username) || !preg_match("/^[a-zA-Z0-9_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]+$/", $username)){
return false;
} elseif ( 20 < $strlen || $strlen < 2 ) {
return false;
}
return true;
}
/**
* 检查id是否存在于数组中
*
* @param $id
* @param $ids
* @param $s
*/
function check_in($id, $ids = '', $s = ',') {
if(!$ids) return false;
$ids = explode($s, $ids);
return is_array($id) ? array_intersect($id, $ids) : in_array($id, $ids);
}
/**
* 对数据进行编码转换
* @param array/string $data 数组
* @param string $input 需要转换的编码
* @param string $output 转换后的编码
*/
function array_iconv($data, $input = 'gbk', $output = 'utf-8') {
if (!is_array($data)) {
return iconv($input, $output, $data);
} else {
foreach ($data as $key=>$val) {
if(is_array($val)) {
$data[$key] = array_iconv($val, $input, $output);
} else {
$data[$key] = iconv($input, $output, $val);
}
}
return $data;
}
}
/**
* 生成缩略图函数
* @param $imgurl 图片路径
* @param $width 缩略图宽度
* @param $height 缩略图高度
* @param $autocut 是否自动裁剪 默认裁剪,当高度或宽度有一个数值为0是,自动关闭
* @param $smallpic 无图片是默认图片路径
*/
function thumb($imgurl, $width = 100, $height = 100 ,$autocut = 1, $smallpic = 'nopic.gif') {
global $image;
$upload_url = app_base::load_config('system','upload_url');
$upload_path = app_base::load_config('system','upload_path');
if(empty($imgurl)) return IMG_PATH.$smallpic;
$imgurl_replace= str_replace($upload_url, '', $imgurl);
if(!extension_loaded('gd') || strpos($imgurl_replace, '://')) return $imgurl;
if(!file_exists($upload_path.$imgurl_replace)) return IMG_PATH.$smallpic;
list($width_t, $height_t, $type, $attr) = getimagesize($upload_path.$imgurl_replace);
if($width>=$width_t || $height>=$height_t) return $imgurl;
$newimgurl = dirname($imgurl_replace).'/thumb_'.$width.'_'.$height.'_'.basename($imgurl_replace);
if(file_exists($upload_path.$newimgurl)) return $upload_url.$newimgurl;
if(!is_object($image)) {
app_base::load_sys_class('image','','0');
$image = new image(1,0);
}
return $image->thumb($upload_path.$imgurl_replace, $upload_path.$newimgurl, $width, $height, '', $autocut) ? $upload_url.$newimgurl : $imgurl;
}
/**
* 水印添加
* @param $source 原图片路径
* @param $target 生成水印图片途径,默认为空,覆盖原图
* @param $siteid 站点id,系统需根据站点id获取水印信息
*/
function watermark($source, $target = '',$siteid) {
global $image_w;
if(empty($source)) return $source;
if(!extension_loaded('gd') || strpos($source, '://')) return $source;
if(!$target) $target = $source;
if(!is_object($image_w)){
app_base::load_sys_class('image','','0');
$image_w = new image(0,$siteid);
}
$image_w->watermark($source, $target);
return $target;
}
/**
* 当前路径
* 返回指定栏目路径层级
* @param $catid 栏目id
* @param $symbol 栏目间隔符
*/
function catpos($catid, $symbol=' > '){
$category_arr = array();
$siteids = getcache('category_content','commons');
$siteid = $siteids[$catid];
$category_arr = getcache('category_content_'.$siteid,'commons');
if(!isset($category_arr[$catid])) return '';
$pos = '';
$siteurl = siteurl($category_arr[$catid]['siteid']);
$arrparentid = array_filter(explode(',', $category_arr[$catid]['arrparentid'].','.$catid));
foreach($arrparentid as $catid) {
$url = $category_arr[$catid]['url'];
// if(strpos($url, '://') === false) $url = $siteurl.$url;
$pos .= '<a href="'.$url.'">'.$category_arr[$catid]['catname'].'</a>'.$symbol;
}
return $pos;
}
/**
* 根据catid获取子栏目数据的sql语句
* @param string $module 缓存文件名
* @param intval $catid 栏目ID
*/
function get_sql_catid($file = 'category_content_1', $catid = 0, $module = 'commons') {
$category = getcache($file,$module);
$catid = intval($catid);
if(!isset($category[$catid])) return false;
return $category[$catid]['child'] ? " catid IN(".$category[$catid]['arrchildid'].") " : " catid=$catid ";
}
/**
* 获取子栏目
* @param $parentid 父级id
* @param $type 栏目类型
* @param $self 是否包含本身 0为不包含
* @param $siteid 站点id
*/
function subcat($parentid = NULL, $type = NULL,$self = '0', $siteid = '') {
if (empty($siteid)) $siteid = get_siteid();
$category = getcache('category_content_'.$siteid,'commons');
foreach($category as $id=>$cat) {
if($cat['siteid'] == $siteid && ($parentid === NULL || $cat['parentid'] == $parentid) && ($type === NULL || $cat['type'] == $type)) $subcat[$id] = $cat;
if($self == 1 && $cat['catid'] == $parentid && !$cat['child']) $subcat[$id] = $cat;
}
return $subcat;
}
/**
* 获取内容地址
* @param $catid 栏目ID
* @param $id 文章ID
* @param $allurl 是否以绝对路径返回
*/
function go($catid,$id, $allurl = 0) {
static $category;
if(empty($category)) {
$siteids = getcache('category_content','commons');
$siteid = $siteids[$catid];
$category = getcache('category_content_'.$siteid,'commons');
}
$id = intval($id);
if(!$id || !isset($category[$catid])) return '';
$modelid = $category[$catid]['modelid'];
if(!$modelid) return '';
$db = app_base::load_model('content_model');
$db->set_model($modelid);
$r = $db->setCache()->get_one(array('id'=>$id), 'url');
if (!empty($allurl)) {
if (strpos($r['url'], '://')===false) {
if (strpos($category[$catid]['url'], '://') === FALSE) {
$site = siteinfo($category[$catid]['siteid']);
$r['url'] = substr($site['domain'], 0, -1).$r['url'];
} else {
$r['url'] = $category[$catid]['url'].$r['url'];
}
}
}
return $r['url'];
}
/**
* 将附件地址转换为绝对地址
* @param $path 附件地址
*/
function atturl($path) {
if(strpos($path, ':/')) {
return $path;
} else {
$sitelist = getcache('sitelist','commons');
$siteid = get_siteid();
$siteurl = $sitelist[$siteid]['domain'];
$domainlen = strlen($sitelist[$siteid]['domain'])-1;
$path = $siteurl.$path;
$path = substr_replace($path, '/', strpos($path, '//',$domainlen),2);
return $path;
}
}
/**
* 判断模块是否安装
* @param $m 模块名称
*/
function module_exists($m = '') {
if ($m=='admin') return true;
$modules = getcache('modules', 'commons');
$modules = array_keys($modules);
return in_array($m, $modules);
}
/**
* 生成SEO
* @param $siteid 站点ID
* @param $catid 栏目ID
* @param $title 标题
* @param $description 描述
* @param $keyword 关键词
*/
function seo($siteid, $catid = '', $title = '', $description = '', $keyword = '') {
if (!empty($title))$title = strip_tags($title);
if (!empty($description)) $description = strip_tags($description);
if (!empty($keyword)) $keyword = str_replace(' ', ',', strip_tags($keyword));
$sites = getcache('sitelist', 'commons');
$site = $sites[$siteid];
$cat = array();
if (!empty($catid)) {
$siteids = getcache('category_content','commons');
$siteid = $siteids[$catid];
$categorys = getcache('category_content_'.$siteid,'commons');
$cat = $categorys[$catid];
$cat['setting'] = string2array($cat['setting']);
}
$seo['site_title'] =isset($site['site_title']) && !empty($site['site_title']) ? $site['site_title'] : $site['name'];
$seo['keyword'] = !empty($keyword) ? $keyword : $site['keywords'];
$seo['description'] = isset($description) && !empty($description) ? $description : (isset($cat['setting']['meta_description']) && !empty($cat['setting']['meta_description']) ? $cat['setting']['meta_description'] : (isset($site['description']) && !empty($site['description']) ? $site['description'] : ''));
$seo['title'] = (isset($title) && !empty($title) ? $title.' - ' : '').(isset($cat['setting']['meta_title']) && !empty($cat['setting']['meta_title']) ? $cat['setting']['meta_title'].' - ' : (isset($cat['catname']) && !empty($cat['catname']) ? $cat['catname'].' - ' : ''));
foreach ($seo as $k=>$v) {
$seo[$k] = str_replace(array("\n","\r"), '', $v);
}
return $seo;
}
/**
* 获取站点的信息
* @param $siteid 站点ID
*/
function siteinfo($siteid) {
static $sitelist;
if (empty($sitelist)) $sitelist = getcache('sitelist','commons');
return isset($sitelist[$siteid]) ? $sitelist[$siteid] : '';
}
/**
* 生成CNZZ统计代码
*/
function tjcode() {
if(!module_exists('cnzz')) return false;
$config = getcache('cnzz', 'commons');
if (empty($config)) {
return false;
} else {
return '<script src=\'http://pw.cnzz.com/c.php?id='.$config['siteid'].'&l=2\' language=\'JavaScript\' charset=\'gb2312\'></script>';
}
}
/**
* 生成标题样式
* @param $style 样式
* @param $html 是否显示完整的STYLE
*/
function title_style($style, $html = 1) {
$str = '';
if ($html) $str = ' style="';
$style_arr = explode(';',$style);
if (!empty($style_arr[0])) $str .= 'color:'.$style_arr[0].';';
if (!empty($style_arr[1])) $str .= 'font-weight:'.$style_arr[1].';';
if ($html) $str .= '" ';
return $str;
}
/**
* 获取站点域名
* @param $siteid 站点id
*/
function siteurl($siteid) {
static $sitelist;
return WEB_PATH;
// if(!$siteid) return WEB_PATH;
// if(empty($sitelist)) $sitelist = getcache('sitelist','commons');
// return substr($sitelist[$siteid]['domain'],0,-1);
}
/**
* 生成上传附件验证
* @param $args 参数
* @param $operation 操作类型(加密解密)
*/
function upload_key($args) {
$pc_auth_key = md5(app_base::load_config('system','auth_key').$_SERVER['HTTP_USER_AGENT']);
$authkey = md5($args.$pc_auth_key);
return $authkey;
}
/**
* 文本转换为图片
* @param string $txt 图形化文本内容
* @param int $fonttype 无外部字体时生成文字大小,取值范围1-5
* @param int $fontsize 引入外部字体时,字体大小
* @param string $font 字体名称 字体请放于app\libs\data\font下
* @param string $fontcolor 字体颜色 十六进制形式 如FFFFFF,FF0000
*/
function string2img($txt, $fonttype = 5, $fontsize = 16, $font = '', $fontcolor = 'FF0000',$transparent = '1') {
if(empty($txt)) return false;
if(function_exists("imagepng")) {
$txt = urlencode(sys_auth($txt));
$txt = '<img src="'.APP_PATH.'api.php?op=creatimg&txt='.$txt.'&f '.$version['pc_release'];
}
}
/**
* 运行钩子(插件使用)
*/
function runhook($method) {
$time_start = getmicrotime();
$data = '';
$getpclass = FALSE;
$hook_appid = getcache('hook','plugins');
if(!empty($hook_appid)) {
foreach($hook_appid as $appid => $p) {
$pluginfilepath = CODE_PATH.'plugin'.DIRECTORY_SEPARATOR.$p.DIRECTORY_SEPARATOR.'hook.class.php';
$getpclass = TRUE;
include_once $pluginfilepath;
}
$hook_appid = array_flip($hook_appid);
if($getpclass) {
$pclass = new ReflectionClass('hook');
foreach($pclass->getMethods() as $r) {
$legalmethods[] = $r->getName();
}
}
if(in_array($method,$legalmethods)) {
foreach (get_declared_classes() as $class){
$refclass = new ReflectionClass($class);
if($refclass->isSubclassOf('hook')){
if ($_method = $refclass->getMethod($method)) {
$classname = $refclass->getName();
if ($_method->isPublic() && $_method->isFinal()) {
plugin_stat($hook_appid[$classname]);
$data .= $_method->invoke(null);
}
}
}
}
}
return $data;
}
}
function getmicrotime() {
list($usec, $sec) = explode(" ",microtime());
return ((float)$usec + (float)$sec);
}
/**
* 插件前台模板加载
* Enter description here ...
* @param unknown_type $module
* @param unknown_type $template
* @param unknown_type $style
*/
function p_template($plugin = 'content', $template = 'index',$style='default') {
if(!$style) $style = 'default';
$template_cache = app_base::load_sys_class('template_cache');
$compiledtplfile = ROOT_PATH.'caches'.DIRECTORY_SEPARATOR.'caches_template'.DIRECTORY_SEPARATOR.$style.DIRECTORY_SEPARATOR.'plugin'.DIRECTORY_SEPARATOR.$plugin.DIRECTORY_SEPARATOR.$template.'.php';
if(!file_exists($compiledtplfile) || (file_exists(CODE_PATH.'plugin'.DIRECTORY_SEPARATOR.$plugin.DIRECTORY_SEPARATOR.'templates'.DIRECTORY_SEPARATOR.$template.'.html') && filemtime(CODE_PATH.'plugin'.DIRECTORY_SEPARATOR.$plugin.DIRECTORY_SEPARATOR.'templates'.DIRECTORY_SEPARATOR.$template.'.html') > filemtime($compiledtplfile))) {
$template_cache->template_compile('plugin/'.$plugin, $template, 'default');
} elseif (!file_exists(CODE_PATH.'plugin'.DIRECTORY_SEPARATOR.$plugin.DIRECTORY_SEPARATOR.'templates'.DIRECTORY_SEPARATOR.$template.'.html')) {
showmessage('Template does not exist.'.DIRECTORY_SEPARATOR.'plugin'.DIRECTORY_SEPARATOR.$plugin.DIRECTORY_SEPARATOR.$template.'.html');
}
return $compiledtplfile;
}
/**
* 读取缓存动态页面
*/
function cache_page_start() {
$relate_url = isset($_SERVER['REQUEST_URI']) ? safe_replace($_SERVER['REQUEST_URI']) : $php_self.(isset($_SERVER['QUERY_STRING']) ? '?'.safe_replace($_SERVER['QUERY_STRING']) : $path_info);
define('CACHE_PAGE_ID', md5($relate_url));
$contents = getcache(CACHE_PAGE_ID, 'page_tmp/'.substr(CACHE_PAGE_ID, 0, 2));
if($contents && intval(substr($contents, 15, 10)) > SYS_TIME) {
echo substr($contents, 29);
exit;
}
if (!defined('HTML')) define('HTML',true);
return true;
}
/**
* 写入缓存动态页面
*/
function cache_page($ttl = 360, $isjs = 0) {
if($ttl == 0 || !defined('CACHE_PAGE_ID')) return false;
$contents = ob_get_contents();
if($isjs) $contents = format_js($contents);
$contents = "<!--expiretime:".(SYS_TIME + $ttl)."-->\n".$contents;
setcache(CACHE_PAGE_ID, $contents, 'page_tmp/'.substr(CACHE_PAGE_ID, 0, 2));
}
/**
*
* 获取远程内容
* @param $url 接口url地址
* @param $timeout 超时时间
*/
function pc_file_get_contents($url, $timeout=30) {
$stream = stream_context_create(array('http' => array('timeout' => $timeout)));
return @file_get_contents($url, 0, $stream);
}
/**
* Function get_vid
* 获取视频信息
* @param int $contentid 内容ID 必须
* @param int $catid 栏目id 取内容里面视频信息时必须
* @param int $isspecial 是否取专题的视频信息
*/
function get_vid($contentid = 0, $catid = 0, $isspecial = 0) {
static $categorys;
if (!$contentid) return false;
if (!$isspecial) {
if (!$catid) return false;
$contentid = intval($contentid);
$catid = intval($catid);
$siteid = get_siteid();
if (!$categorys) {
$categorys = getcache('category_content_'.$siteid, 'commons');
}
$modelid = $categorys[$catid]['modelid'];
$video_content = app_base::load_model('video_content_model');
$r = $video_content->get_one(array('contentid'=>$contentid, 'modelid'=>$modelid), 'videoid', 'listorder ASC');
$video_store =app_base::load_model('video_store_model');
return $video_store->get_one(array('videoid'=>$r['videoid']));
} else {
$special_content = app_base::load_model('special_content_model');
$contentid = intval($contentid);
$video_store =app_base::load_model('video_store_model');
$r = $special_content->get_one(array('id'=>$contentid), 'videoid');
return $video_store->get_one(array('videoid'=>$r['videoid']));
}
}
/**
* Function dataformat
* 时间转换
* @param $n INT时间
*/
function dataformat($n) {
$hours = floor($n/3600);
$minite = floor($n%3600/60);
$secend = floor($n%3600%60);
$minite = $minite < 10 ? "0".$minite : $minite;
$secend = $secend < 10 ? "0".$secend : $secend;
if($n >= 3600){
return $hours.":".$minite.":".$secend;
}else{
return $minite.":".$secend;
}
}
function httpResponse($status, $msg=''){
$m = app_base::load_model('category_model');
$CATEGORYS = $m->select(array('parentid'=>0),'*','','listorder');
include CODE_PATH . 'libs'.DIRECTORY_SEPARATOR.'data'.DIRECTORY_SEPARATOR.'http'.DIRECTORY_SEPARATOR.$status.'.php';
}
function array_change_key_case_recursive($arr)
{
if(! $arr || !is_array($arr))return array();
return array_map(function($item){
if(is_array($item))
$item = array_change_key_case_recursive($item);
return $item;
},array_change_key_case($arr));
}
function visitauth(){
$vtime = time();
$vsign = md5("cuichuande@ideadata.com.cn#$%" . $vtime);
return "tm={$vtime}&sn={$vsign}";
}
?>
第三部分
防止sql注入的函数,过滤掉那些非法的字符,提高sql安全性,同时也可以过滤XSS的攻击。
function filter($str)
{
if (empty($str)) return false;
$str = htmlspecialchars($str);
$str = str_replace( '/', "", $str);
$str = str_replace( '"', "", $str);
$str = str_replace( '(', "", $str);
$str = str_replace( ')', "", $str);
$str = str_replace( 'CR', "", $str);
$str = str_replace( 'ASCII', "", $str);
$str = str_replace( 'ASCII 0x0d', "", $str);
$str = str_replace( 'LF', "", $str);
$str = str_replace( 'ASCII 0x0a', "", $str);
$str = str_replace( ',', "", $str);
$str = str_replace( '%', "", $str);
$str = str_replace( ';', "", $str);
$str = str_replace( 'eval', "", $str);
$str = str_replace( 'open', "", $str);
$str = str_replace( 'sysopen', "", $str);
$str = str_replace( 'system', "", $str);
$str = str_replace( '$', "", $str);
$str = str_replace( "'", "", $str);
$str = str_replace( "'", "", $str);
$str = str_replace( 'ASCII 0x08', "", $str);
$str = str_replace( '"', "", $str);
$str = str_replace( '"', "", $str);
$str = str_replace("", "", $str);
$str = str_replace(">", "", $str);
$str = str_replace("<", "", $str);
$str = str_replace("<SCRIPT>", "", $str);
$str = str_replace("</SCRIPT>", "", $str);
$str = str_replace("<script>", "", $str);
$str = str_replace("</script>", "", $str);
$str = str_replace("select","",$str);
$str = str_replace("join","",$str);
$str = str_replace("union","",$str);
$str = str_replace("where","",$str);
$str = str_replace("insert","",$str);
$str = str_replace("delete","",$str);
$str = str_replace("update","",$str);
$str = str_replace("like","",$str);
$str = str_replace("drop","",$str);
$str = str_replace("DROP","",$str);
$str = str_replace("create","",$str);
$str = str_replace("modify","",$str);
$str = str_replace("rename","",$str);
$str = str_replace("alter","",$str);
$str = str_replace("cas","",$str);
$str = str_replace("&","",$str);
$str = str_replace(">","",$str);
$str = str_replace("<","",$str);
$str = str_replace(" ",chr(32),$str);
$str = str_replace(" ",chr(9),$str);
$str = str_replace(" ",chr(9),$str);
$str = str_replace("&",chr(34),$str);
$str = str_replace("'",chr(39),$str);
$str = str_replace("<br />",chr(13),$str);
$str = str_replace("''","'",$str);
$str = str_replace("css","'",$str);
$str = str_replace("CSS","'",$str);
$str = str_replace("<!--","",$str);
$str = str_replace("convert","",$str);
$str = str_replace("md5","",$str);
$str = str_replace("passwd","",$str);
$str = str_replace("password","",$str);
$str = str_replace("../","",$str);
$str = str_replace("./","",$str);
$str = str_replace("Array","",$str);
$str = str_replace("or 1='1'","",$str);
$str = str_replace(";set|set&set;","",$str);
$str = str_replace("`set|set&set`","",$str);
$str = str_replace("--","",$str);
$str = str_replace("OR","",$str);
$str = str_replace('"',"",$str);
$str = str_replace("*","",$str);
$str = str_replace("-","",$str);
$str = str_replace("+","",$str);
$str = str_replace("/","",$str);
$str = str_replace("=","",$str);
$str = str_replace("'/","",$str);
$str = str_replace("-- ","",$str);
$str = str_replace(" -- ","",$str);
$str = str_replace(" --","",$str);
$str = str_replace("(","",$str);
$str = str_replace(")","",$str);
$str = str_replace("{","",$str);
$str = str_replace("}","",$str);
$str = str_replace("-1","",$str);
$str = str_replace("1","",$str);
$str = str_replace(".","",$str);
$str = str_replace("response","",$str);
$str = str_replace("write","",$str);
$str = str_replace("|","",$str);
$str = str_replace("`","",$str);
$str = str_replace(";","",$str);
$str = str_replace("etc","",$str);
$str = str_replace("root","",$str);
$str = str_replace("//","",$str);
$str = str_replace("!=","",$str);
$str = str_replace("$","",$str);
$str = str_replace("&","",$str);
$str = str_replace("&&","",$str);
$str = str_replace("==","",$str);
$str = str_replace("#","",$str);
$str = str_replace("@","",$str);
$str = str_replace("mailto:","",$str);
$str = str_replace("CHAR","",$str);
$str = str_replace("char","",$str);
return $str;
}
更加简便的防止sql注入的方法(推荐使用这个):
if (!get_magic_quotes_gpc()) // 判断magic_quotes_gpc是否为打开
{
$post = addslashes($name); // magic_quotes_gpc没有打开的时候把数据过滤
}
$name = str_replace("_", "\_", $name); // 把 '_'过滤掉
$name = str_replace("%", "\%", $name); // 把' % '过滤掉
$name = nl2br($name); // 回车转换
$name= htmlspecialchars($name); // html标记转换
return $name;
PHP防XSS 防SQL注入的代码
/**
* 过滤参数
* @param string $str 接受的参数
* @return string
*/
static public function filterWords($str)
{
$farr = array(
"/<(\\/?)(script|i?frame|style|html|body|title|link|meta|object|\\?|\\%)([^>]*?)>/isU",
"/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU",
"/select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile|dump/is"
);
$str = preg_replace($farr,'',$str);
return $str;
}
/**
* 过滤接受的参数或者数组,如$_GET,$_POST
* @param array|string $arr 接受的参数或者数组
* @return array|string
*/
static public function filterArr($arr)
{
if(is_array($arr)){
foreach($arr as $k => $v){
$arr[$k] = self::filterWords($v);
}
}else{
$arr = self::filterWords($v);
}
return $arr;
}
在防止被注入攻击时,常会用到两个函数:htmlspecialchars()和addslashes() 、trim()函数。这两个函数都是对特殊字符进行转义。
1)addslashes()作用及使用
addslashes()通常用于防止sql注入,它可对通过get,post和cookie传递过来的参数的单引号和双引号已经null前加“\”进行转义
如:如变量$str=$_POST["str"];的值为:bb' or 1='1。通过addslashes()函数过滤后会变为:bb\' or 1=\'1;
2)htmlspecialchars()作用及使用
htmlspecialchars()也是对字符进行转义,与addslashes()不同的是htmlspecialchars()是将特殊字符用引用实体替换。
如<script>alert('xss')</script>通过htmlspecialchars()过滤后为<script>alert('xss')</script>
3)addslashes()与htmlspecialchars()的区别
除了两个函数的转义方式不同外,它们的使用也不同。
addslashes()通过用于防止sql语句注入,在执行sql语句前对通过get、post和cookie传递来的参数中的单引号,双引号,\ 和null进行转义。
但sql执行成功后,插入到数据库中的数据是不带有转义字符\的。这是如果插入到数据库中的是一些js脚本,当这些脚本被读取出来时还是会被执行。
这是我们可对读取出来的数据使用htmlspecialchars()进行过滤,避免执行被注入的脚本。